Just like many others, my website has parts that are “public” and
parts where the user has to login to see it. Since I don’t need to
manage user roles, I have this basic interface:
public class SecureWebPage extends WebPage {
public SecureWebPage() {
if(!UserLoggedInSession.get().isLoggedIn()) {
getRequestCycle().setRedirect(true);
throw new RestartResponseException(Login.class);
}
}
}
So, if I have a webpage that is “private”, it just extends this
interface instead of the normal wicket Page.
My question is, just how safe is this approach to securing specific
individual webpages?
Could this security mechanism be easily broken and let non-loggedin users in?
Thanks.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
